From f1a5e84b09bed1691e914f0f650be064ba470a2b Mon Sep 17 00:00:00 2001
From: Sebastian Hugentobler <sebastian@vanwa.ch>
Date: Tue, 28 Sep 2021 09:46:55 +0200
Subject: [PATCH] disallow anonymous sals auth

---
 rootfs/etc/confd/templates/main.cf.tmpl | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/rootfs/etc/confd/templates/main.cf.tmpl b/rootfs/etc/confd/templates/main.cf.tmpl
index 1088f32..fbced32 100644
--- a/rootfs/etc/confd/templates/main.cf.tmpl
+++ b/rootfs/etc/confd/templates/main.cf.tmpl
@@ -53,8 +53,9 @@ smtp_tls_session_cache_database = lmdb:${data_directory}/smtp_scache
 smtpd_sasl_type = dovecot
 smtpd_sasl_path = inet:{{getenv "DOVECOT_HOST"}}:{{getenv "DOVECOT_AUTH_PORT"}}
 smtpd_sasl_auth_enable = yes
+smtpd_sasl_security_options = noanonymous
 
-smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,defer_unauth_destination
+smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
 smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination, reject_unverified_recipient
 
 #smtpd_milters =